I had Firefox 52.7.0 on my Linux host which is running fine.
Also, I have my own CA certificate which I add using certutil
command:
$ certutil -d ~/.mozilla/firefox/profiledir -A -n myca -i ./myca.pem -t CT,,
I can see myca
it's being added by issuing this command:
$ certutil -d ~/.mozilla/firefox/profiledir -L
When I navigate to Preferences
- Advanced
- Certificates
- View Certificates
I can see my certificate in the list.
At some point I decided I don't have enough excitement in my life, so I decided to upgrade Firefox to a newer version. The version I downloaded is Firefox 102.1.0esr for Linux.
However, certutil
adds my CA certificate (I see it using certutil -L
), but when I navigate to Settings
- Privacy & Security
- Certificates
- View Certificates
I don't see my newly added CA in the list. Of course, the certificate is not being used by Firefox because of this.
I would assume the way to add a custom CA certificate changed between Firefox 52 and 102. What's the current way of adding my own CA to Firefox?
Mozilla Wiki shows certutil
is still one way of adding it. Maybe the way I add it is no longer valid with the new version.
CodePudding user response:
It appears starting with Firefox 58 the file used for user certificates changed from cert8.db
to cert9.db
.
In order for certutil
to use cert9.db
, I had to prepend "sql:" for -d
option.
The final command would look like:
certutil -d sql:~/.mozilla/firefox/profiledir -A -n myca -i ./myca.pem -t CT,,